I am seeing an issue that is a bit perplexing. I do not know how it was working before in
JBoss4.
Here is the use case:
Testcase: org.jboss.test.web.test.WebIntegrationUnitTestCase
Scenarios: testUnsecureRunAsServlet,
testUnsecureRunAsServletWithPrincipalName, testUnsecureRunAsServletWithPrincipalNameAndRoles
In my current pass at JBoss5, I am making use of a single threadlocal to contain the
security context with push/pop mechanism.
| Servlet: RunAsServlet
|
| init()
| {
| //I have a run-as defined, I am going to call a secure ejb
| }
|
| service()
| {
| //I am going to call a secure ejb. run-as will be propagated
| }
|
In my sequence of calls, JaccContextValve which is set at the host level, establishes the
security context on the thread local. After this, the SecurityAssociationValve will push
the current run-as on to the established security context.
When the servlet is loaded, the init() method is preceded by an
InstanceEvent("before_init") which will invoke the RunAsListener. I push the
run-as on to the security context. After the init method, there is an event for
"after_init", which would pop the run-as from the security context. So things
work fine for the init() method secure ejb call.
There are issues from the service() method call in the servlet onto secure ejbs. The
sequence of events is as follows for the service():
| JaccContextValve - set the security context
| SecurityAssociationValve - push run as
| load the servlet
| instanceevent:before-init - push run as
| init()
| instanceevent:after-init - pop run as
|
| At this time my thread local is devoid of any run as
|
| instanceevent:before_filter
| instanceevent:after_filter
| instanceevent:before_service
| service()
| instanceevent:after_service
|
As you can see, there is no passage of the request through the valve chain between
invocation of the init() and service() methods. I think this is the right sequence.
I can solve this use case by adding push/pop of run-as in the RunAsListener for
InstanceEvent(before_service) and InstanceEvent(after_service).
Thoughts/suggestions?
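Added example, not part of the original post and not JBoss code: a small Java model of the sequence above, showing the service() call reaching the secure ejb without a run-as, and the before_service/after_service push/pop the post proposes. All class and method names are hypothetical, "InternalUser" is a constructed role name, and the single run-as slot is an assumption chosen to match the state the post reports after after_init.

```java
import java.util.ArrayList;
import java.util.List;

// Model only: every class and method name here is hypothetical, not a JBoss API.
public class RunAsSequenceDemo {
    // Single thread-local security context, as in the post. ASSUMPTION: it has one
    // run-as slot, so a pop clears whatever an earlier push (the valve's) stored.
    static final ThreadLocal<String[]> CONTEXT = new ThreadLocal<>();

    static void establishContext() { CONTEXT.set(new String[1]); }
    static void pushRunAs(String role) { CONTEXT.get()[0] = role; }
    static void popRunAs() { CONTEXT.get()[0] = null; }

    // Stand-in for the secure ejb: it only accepts a caller carrying a run-as role.
    static String callSecureEjb(String from) {
        String runAs = CONTEXT.get()[0];
        return from + ": " + (runAs == null ? "DENIED (no run-as)" : "ok as " + runAs);
    }

    // Stand-in for RunAsListener reacting to InstanceEvent types. With
    // coverService=false it handles only the init events, as in the post's trace.
    static void onEvent(String type, String role, boolean coverService) {
        boolean init = type.endsWith("_init");
        boolean service = coverService && type.endsWith("_service");
        if (!init && !service) return;
        if (type.startsWith("before_")) pushRunAs(role); else popRunAs();
    }

    // Replays the first request to a servlet that is loaded on demand.
    static List<String> handleFirstRequest(String role, boolean coverService) {
        List<String> results = new ArrayList<>();
        establishContext();                        // JaccContextValve
        pushRunAs(role);                           // SecurityAssociationValve
        onEvent("before_init", role, coverService);
        results.add(callSecureEjb("init()"));
        onEvent("after_init", role, coverService); // run-as is gone from here on
        onEvent("before_filter", role, coverService);
        onEvent("after_filter", role, coverService);
        onEvent("before_service", role, coverService);
        results.add(callSecureEjb("service()"));
        onEvent("after_service", role, coverService);
        return results;
    }

    public static void main(String[] args) {
        System.out.println(handleFirstRequest("InternalUser", false)); // listener handles init only
        System.out.println(handleFirstRequest("InternalUser", true));  // proposed service push/pop
    }
}
```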